In a major cybersecurity incident that went undetected for nearly nine months, SelectBlinds, an Arizona-based window covering retailer, has discovered a massive data breach affecting 206,238 customers. The breach began on January 7 and was only discovered on September 28, when the company identified suspicious activity on its website, as detailed in breach notices filed in Maine and California.
Scope of the SelectBlinds Data Breach
Through their investigation, SelectBlinds found that the attackers gained access to customers’ names, email addresses, shipping and billing information, phone numbers, and most critically, full payment card details including card numbers, expiration dates and CVV security codes. For customers who logged into their accounts while shopping, their website credentials were also compromised.
The attack methodology bears the hallmarks of sophisticated e-skimming operations, commonly known as Magecart attacks. These attacks are an increasingly prevalent threat in the e-commerce landscape: cybercriminals inject malicious JavaScript code into a website's purchase pages, where it acts as an invisible net that captures customer data in real time as unsuspecting shoppers complete their purchases.
Understanding E-skimming and Magecart Attacks
Imagine you are shopping at your favorite online store, entering your credit card information to purchase something. What you can’t see is that a digital thief could be silently copying every keystroke you make – that’s e-skimming.
When cybercriminals successfully break into an e-commerce website, they inject malicious code that acts like a secret camera pointed at the checkout page. Whenever a customer types in their credit card number, security code or personal information, this invisible code makes a perfect copy and sends it to the criminals.
What makes these attacks particularly dangerous is their stealth. In the case of SelectBlinds, “an unauthorized third party embedded malware on the SelectBlinds website that allowed the scraping of data on sales transactions that were entered on the checkout page.” The website continued to function normally – customers could still make purchases, pages loaded correctly and nothing seemed amiss. This invisibility allowed the attack to go undetected for about eight months.
Think of it like a compromised ATM—except instead of putting a physical card skimmer in the machine, the criminals put the digital code on the website. The difference is that you can often spot a physical card skimmer, but this digital version is completely invisible to shoppers.
These attacks have become increasingly common because they are profitable and difficult to detect. Unlike stealing data from a company’s database where the information may be encrypted, e-skimming captures data as customers type it in, before any encryption is done.
How has SelectBlinds responded?
SelectBlinds’ response to the disclosure included immediate containment measures. “We quickly contained the incident and removed the malware and unauthorized access elements,” the company said in its notification letter. Additional steps included increased monitoring, improved security controls and system reinforcement.
Protect yourself from sophisticated payment fraud
The SelectBlinds breach is not an isolated incident, but part of a wider trend in payment card theft. According to the Recorded Future Payment Fraud Intelligence Report 2023, cybercriminals are becoming increasingly sophisticated, combining technical attacks such as e-skimming with social engineering tactics. In 2023 alone, over 119 million stolen payment cards were posted for sale on dark web marketplaces, resulting in billions in preventable fraud losses.
The SelectBlinds breach reflects a growing pattern of sophisticated payment card theft that has drawn the attention of law enforcement around the world. Recent actions by Russian authorities against suspected Magecart hackers underscore the global nature of this threat. These cybercriminals are part of an increasingly sophisticated ecosystem that targets e-commerce platforms to steal payment card data.